Monday, April 1, 2019

Phishing, not Fishing

Wikipedia defines fishing as, "the activity of trying to catch a fish". However, Wikipedia additionally defines phishing as "the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication". Let's talk more about "phishing"...

What is Fishing
Fishing is a sporting activity where the participant tries to catch fish. We're not going to discuss this further at this time :-)

What is Phishing
Phishing is a cyber-crime. The cyber criminal poses as a legitimate institution and typically contacts targets by email (although telephone or text message can be used). The goal is to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. If the phishing attack is successful, it can have devastating results for the victims.

How a Phishing Scam can Work
An attacker sends out thousands of fraudulent messages in an attempt to acquire significant information or large sums of money. The fraudulent messages are designed to look like real messages. It's essentially a numbers game. Even if only a small percentage of recipients fall for the scam, the reward can be plentiful.

As a made-up example, an attacker targets alumni of a university, asking for donations. The message will contain a logo from the university, include names of school programs and appear to be sent from the alumni director, a dean or even the school president. They even use an email address that may look like the real email address. Then, the message will direct you to a phony website that looks like your university's website, with logos and other information likely copied from the real website. While your university's real website address might be "", the phony website address might look like "". At first glance, some people will be fooled.

How to Protect Yourself from Phishing
Vigilance is important:
  • Keep your operating system, anti-spam and anti-malware programs current with all updates. This will help block some phishing attacks, or even block attacks trying to access your system via an automated means.
  • Phony messages contain subtle differences or mistakes. In addition to the website address difference as above, they may have a phony physical address, phony email address or even simple spelling mistakes.
  • Be wary of tight deadlines or even threats. If the message indicates you need to pay quickly, pay a fine or send cash, that might not be a legitimate message.
  • Such messages sometimes don't address you by name (e.g. Dear Sir/Madam). A legitimate message from an organization that knows you will likely address you personally.
  • When asked to pay online, make sure you are using a secure website. Secure website addresses start with "https", not "http", which means the connection between the browser and server is encrypted. A phishing website may not have SSL configured.
Always make sure you know and trust the person or entity that sends you an email. By exercising a little caution and attentiveness, you can avoid the dangers and problems from a phishing attack.
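
The address checks from the list above can be automated. The following Python sketch is an added example, not part of the original post: it compares a link against a list of addresses you already trust and flags a missing "https", a near-miss spelling, or a trusted name used as the front of someone else's domain. The domain `university.example`, the sample links and the function names are constructed for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the addresses you already know belong to the real
# organization. "university.example" is a placeholder, not from the post.
TRUSTED_DOMAINS = {"university.example"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return warning strings for one link taken from a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]
    warnings = []
    # A missing "s" is a warning sign, but its presence proves nothing:
    # a phony site can also be served over https.
    if parts.scheme != "https":
        warnings.append("not-https")
    # The real domain or one of its subdomains: nothing more to compare.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings
    labels = host.split(".")
    for d in sorted(trusted):
        # Trusted name used as the front of somebody else's domain,
        # e.g. university.example.alumni-giving.test
        if d in host:
            warnings.append("embeds:" + d)
        # Compare as many trailing labels as the trusted domain has, so
        # "www." and similar prefixes do not hide a near-miss spelling.
        tail = ".".join(labels[-len(d.split(".")):])
        if 0 < edit_distance(tail, d) <= 2:
            warnings.append("lookalike:" + d)
    return warnings


if __name__ == "__main__":
    # Constructed sample links for the illustration.
    for link in ("https://www.university.example/give",
                 "http://univers1ty.example/give",
                 "https://university.example.alumni-giving.test/",
                 "https://news.test/story"):
        print(link, "->", check_link(link) or "no warnings")
```

An empty result only means none of these particular signs were found; it is not a verdict that the link is safe.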

Click here to contact me regarding this or any other blog post. Also, I welcome comments, which you can enter below.

Friday, March 1, 2019

How a VPN Keeps You Safe When Using WiFi

Nowadays, WiFi hacking is a common occurrence. Whether your mobile device (PC, tablet or smartphone) is connected to the internet via a private or public WiFi, your connection to the internet may not be as secure or private as you may think. When using WiFi you are vulnerable to theft of your data, or worse - your personal information and finances.

Your Internet Connection
When in or outside of your home, you connect to the internet via a router. Most home routers have built-in WiFi, and most stores and offices have WiFi added to their network. Since a WiFi service can cost $40/month or more, or you may be asked to pay an hourly charge to connect in public, it's not uncommon for people to search for and use free WiFi.

The features that make free WiFi desirable for you also make it desirable for hackers. Namely, it requires no authentication to establish an internet connection, and it may easily be hacked (illegally accessed) to gain access to the online users. Not taking the necessary precautions can lead to lasting harm. For mobile devices, the harm is digital: the theft of your personal data, such as passwords, financial information, and private documents, pictures and videos.

How Hackers Get Access to Your PC Data
The most common method of attack is known as “Man in the Middle.” In this method, internet traffic is intercepted between the end-user’s device and the destination by making the victim think the hacker’s machine is the access point to the internet. In this case, you log on to the free WiFi at your location thinking you’re joining the provider's network. But somewhere nearby, a hacker is broadcasting a stronger WiFi signal from their laptop or smartphone. They trick you into using it by labeling it with the location's name (e.g. Library Free WiFi). Recognizing the name of the location where you are, you innocently connect to the hacker’s network. As you surf the web or do your online banking, all your activity is being monitored and even captured by the hacker.

Also, if you use the location's actual WiFi, it is often unsecured and vulnerable to a hacker's intrusion. Even WiFi that requires a password can be hacked when the hacker uses a password hacking tool.
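
From the network owner's side, the look-alike access point described above can be spotted by comparing a WiFi scan against the list of access points the venue actually operates. The Python sketch below is an added example, not part of the original post; the inventory, the scan records, their field names and the function name are all constructed for the illustration.

```python
# Constructed inventory of the venue's own access points (assumption: the
# network owner keeps such a list). A BSSID is the radio's MAC address.
AUTHORIZED = {
    "Library Free WiFi": {
        "bssids": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"},
        "security": "open",
    },
}

# Constructed scan results; "signal" is in dBm, so -38 is stronger than -67.
SCAN = [
    {"ssid": "Library Free WiFi", "bssid": "00:11:22:aa:bb:01",
     "security": "open", "signal": -67},
    {"ssid": "Library Free WiFi", "bssid": "00:11:22:aa:bb:02",
     "security": "open", "signal": -71},
    {"ssid": "Library Free WiFi", "bssid": "02:5e:9c:10:20:30",
     "security": "open", "signal": -38},
    {"ssid": "CoffeeShop", "bssid": "00:aa:bb:cc:dd:01",
     "security": "wpa2", "signal": -60},
]


def find_rogue_aps(scan, authorized=AUTHORIZED):
    """Return (bssid, reasons) for radios using our network name that are
    not in the inventory, or that differ from how we configured them."""
    findings = []
    for ap in scan:
        known = authorized.get(ap["ssid"])
        if known is None:
            continue  # somebody else's network name, not ours to judge
        bssid = ap["bssid"].lower()
        reasons = []
        if bssid not in known["bssids"]:
            reasons.append("unknown-bssid")
            # Bit 0x02 of the first octet marks a locally administered
            # (software-assigned) address, common for laptop/phone hotspots.
            if int(bssid[:2], 16) & 0x02:
                reasons.append("locally-administered-mac")
            # The post notes the impostor tends to out-shout the real APs.
            real = [a["signal"] for a in scan
                    if a["ssid"] == ap["ssid"]
                    and a["bssid"].lower() in known["bssids"]]
            if real and ap["signal"] > max(real):
                reasons.append("stronger-than-real-aps")
        # A known name offered with different security is suspect either way.
        if ap["security"] != known["security"]:
            reasons.append("security-mismatch")
        if reasons:
            findings.append((bssid, reasons))
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_rogue_aps(SCAN):
        print(bssid, ", ".join(reasons))
```

A BSSID can be copied as easily as a network name, so a clean result from this check does not rule out an impostor.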

Although antivirus protection and firewalls are reliable methods of cyber defense, they are useless against hackers that gained access to WiFi networks. That's because the hackers are not using virus software to gain access to your devices. You willingly connect your device to an unsecured network essentially allowing the hacker to look at what you are doing.

I read a nice analogy of how theft occurs when you are using public internet. Imagine you are walking on a crowded sidewalk or in a busy mall. You just left one place and you're heading to your next destination. Lots of people are walking around you. While you feel safe, you accidentally bump into another person. While you did not intend to bump into that person, they may have intended to bump into you. The end result is that person picked your pocket.

What is a VPN?
With a Virtual Private Network (VPN), you create a secure, encrypted tunnel between your computer and a remote VPN server. The data is essentially gibberish to anyone who might be able to intercept it. A VPN will also protect you when you inadvertently connect to the hacker's WiFi.

So, consider the same scenario about the crowded sidewalk. In this case, before you leave to go to your next destination, you initiate a tunnel that lets you walk privately and securely alongside the other people. Nobody can get into your private tunnel while you have it turned on. Even if they can see you are in your tunnel, they can't see who you are. So, nobody can "pick your pocket".

A VPN can be either hardware or software. For most personal devices, the VPN is a software application or app. For a medium to larger computer network, the VPN may be its own network appliance or software within another network device.

How a VPN Protects You
To become protected by a personal VPN, you typically subscribe to a VPN software service. You pay for a subscription monthly or annually, usually at a cost of a few dollars per month. Many of the VPN providers offer a big discount for your initial subscription. Some subscriptions cover one device, others cover multiple devices. Once you install the software on your device, here's what you do when on public WiFi:
  1. Using your device, find and connect to the public WiFi, even if it is completely free and does not require a password. That establishes your internet connection.
  2. Now that you have an internet connection, start your VPN app.
  3. Follow the VPN app login instructions. That will connect your device to the VPN service and establish the secure VPN tunnel.
You may now surf the web securely.

VPN Providers
While I will not recommend any specific VPN app providers in this post, here is a list of a few of the popular VPN software products, as per CNET: NordVPN, ExpressVPN, Hotspot Shield, PureVPN and CyberGhost VPN.

Alternatives to Using a VPN
If you don't yet have a VPN service, consider these steps to reduce your risk of a security breach when using public WiFi:
  • Don’t use public WiFi to shop online, log in to your financial institution, open your email, or access other sensitive sites - not ever! While hackers may see your activity, at least they won't see your means to access data.
  • Implement two-factor authentication when logging into sensitive sites. That way if hackers have the passwords to your online banking, social media or email accounts, they won’t be able to log in. The online account service will send your device a code (the 2nd level of authentication), but not via the internet (e.g. a text message) to confirm your access.
  • Turn off the automatic WiFi connectivity feature on your device so it won’t automatically seek out and connect to public internet hot spots.
  • Turn off your Bluetooth connection on your device when in public places to ensure others are not intercepting your transfer of data.
  • Acquire an unlimited data plan for your mobile devices. Then, use the device's cellular data plan for your internet activity and stop using public WiFi.

The more you take your chances with using a public WiFi connection, the greater the likelihood that you will suffer some type of security breach. The better you protect yourself, the greater your chance of minimizing the potential damage. Using a VPN is a very reliable way to minimize the risk of a data breach when using public WiFi.

Friday, February 1, 2019

Get Your Website Noticed: Slowly or Quickly

Most websites get their traffic from search engine results such as Google, Bing and others. With millions of websites vying for viewer attention on the internet, how can you make yours stand out from the crowd? Search Engine Optimization (SEO) and Pay-Per-Click (PPC) can be strategies to use.

How Search Engines Work
The internet search engines have programs called "crawlers" or "bots" that continually run 24 x 7 searching the internet for website content. They look for new websites, web pages and text within web pages. As those programs find information about websites and content, they send that information back to their home system to be cataloged and indexed. 

To find websites via a search engine, you enter a search term in the search box. The search engines use their algorithms to provide you with a ranked list from their index of what web pages and documents you should be most interested in based on the search term you entered.

Since I have blogged on SEO previously (e.g. The Worst Website, SEO Best Practices for Website Domains and Search Engine Optimization: On-Page vs. Off-Page), I won't go into the mechanics of it in this post. Instead, let's compare SEO to Pay-Per-Click for getting your website noticed.

Slowly: Search Engine Optimization
Boosting visibility to your website, and ultimately your number of visitors, is a combination of several factors that can have long-term benefits. You need to optimize your website so it can be found easily by search engines (hence, Search Engine Optimization) so the search engines can tell people that your website is relevant to their search.

Optimizing your website by embedding relevant keywords in your content is an easy way to make it more visible to the search engines. In order to get the result you hope for, select the keywords that your audience is likely to use. Don't select the keywords based only on how you see your business or what you want to convey. If your audience is primarily industry people (e.g. vendors, industry-savvy clients, peers), you should use industry terms. If your audience is not primarily industry people (e.g. retail or non-industry customers), then use terms that lay people will use.

While updating your content can be quick, it may take 4 to 6 months for you to start seeing the search engine visibility results from your content changes. That's because it can take that long for the "crawlers" or "bots" to revisit your website, find the new content, and understand the relevancy of the new content to everything else they have stored in their index. If you then look to make additional changes based on your observed results, it may take another 4 to 6 months to see the effect of those content changes. That cycle tends to be typical with content changes.

While it can take 4 months or more for search engines to find your website based on keyword entry, the benefit of SEO is that the results are very durable. Once you have honed your SEO implementation and the search engines understand the relevancy of your website's content to search terms, the search engines will remember your website when similarly searched (assuming they don't change their algorithm, which does happen occasionally). Therefore, SEO is a viable and important mid-to-long term strategy for getting your website audience visibility.

Quickly: Pay-Per-Click
Essentially, Pay-Per-Click is advertising. The 2 most popular forms of PPC are Google Ads and social media advertising. In a Google Ad campaign, you create an ad (typically that's free) and have Google list the ad for your website at or near the top of the regular search listings. When someone clicks on your ad, you pay an agreed-upon cost for the click from your budget. Google gives you guidance as to how much a click will cost for a specific search keyword or term. Once your entire budget has been depleted, Google stops running your ad until you replenish your budget fund. You set the budget amount, timeline and geographic location.

The budget amount can be a set amount with no term period or can be an amount set for a specific and periodic term. Let's assume a click will cost you $1.00 and you have a budget of $1,000:
  • When you have an ad with no set time limit, your ad will yield 1,000 clicks to your website no matter how long that takes - 1 day, 1,000 days or more.
  • When you set the budget amount to a term, such as $20 per day, that means that once 20 people have clicked on your ad in a single day (at any time of the day), the ad will stop displaying until the next day. The next day, the budget will reset and you may receive up to 20 clicks again. Assuming you get 20 clicks each day, your ad will last for 50 days.
Your budget can also identify a geographic region for display. If your business is local, your region may be 1 or more zip codes, one or more counties or one or more states. Google will display the ad on a person's search engine results when they are physically located in the region you set. The person's region is typically determined by the IP address of the network where the person is using Google. By limiting the region, you extend the term of your budget since people outside of your region will not see or click on the ad.

Google Ads are not affected by SEO, crawlers or bots, or the search engine algorithms. Once activated, the ad displays your website in the search result at the very moment a person enters a search term that matches your ad. Hence, the impact of PPC is immediate. On the other hand, when you discontinue the ad, or you exceed your budget, the ad immediately stops displaying your website. Either way, it does not affect the search engine index or SEO growth you are working to build.

Pay-Per-Click is available on Bing as well as Facebook, Instagram and other social media platforms. While we won't go into the details of those products in this post, suffice it to say that the basic intent and functionality are similar across platforms.

SEO: SEO results can be slow to achieve. You need time to develop the content to achieve strong organic visibility. And, you need patience while the search engines relate the indexed content to search terms.
PPC: There is no faster way to get your website in front of customers at the moment they are ready to buy than via PPC search engine advertising.

SEO: Improve your organic traffic. While organic search is not quick or easy to attain, it's very long lasting and durable once attained.
PPC: PPC appears at or near the top of the search result content. Typically a user will always see the paid search ads ahead of the organic listings.

SEO: Once your website attains a good ranking, your competitors need to work that much harder to display ahead of you.
PPC: Your ad displays for as long as your budget and campaigns are active. Once a campaign exceeds your budget or terms, your ad no longer displays.

SEO: Your website visibility is not bound by any specific geography or keyword constraints. The search engine algorithms will display your website based on the relevance of the website content to the search terms entered.
PPC: When you need an assured, laser-focused advertisement, PPC allows you to target your geographic region and specific search terms to achieve your results.

SEO: SEO is essentially free. While you can hire a consultant to help you implement and monitor SEO, once implemented the organic nature of the growth occurs without any cost.
PPC: PPC campaigns can be expensive. It's important that you set your goals and budget as specifically as possible. Then, monitor your cost and performance. If not, you may find that your advertising cost is more than you would like.

So which is better? That's not a valid question to ask. Both are strategies that are available to the website owner, and they are meant to be used for different reasons or to complement each other. Use both wisely and effectively, but to achieve different goals and results. One approach might be to use PPC for about 3-4 months until SEO begins to take hold. Or, use PPC to get immediate attention to specific or short-term campaigns, while using SEO to build a solid organic hold in the search engines.

Tuesday, January 1, 2019

Tips for Safe Internet Browsing

The Internet can be a dangerous place for those who are careless. Visit the wrong website and you can infect your computer with malicious software that will steal your data, or encrypt your data and demand a ransom for its return. We continually use the internet for our personal and business needs. Even though we are very comfortable using the internet, we cannot ignore basic internet safety rules. Here are some tips to help keep you safe when using the internet.

Keep Your Guard Up
Always be cautious about what you do online, which websites you visit, and what you share with/from others. Use comprehensive virus protection and malware protection software on your devices. Make sure you backup your data on a regular basis in case something bad happens to your device. Use a Virtual Private Network (VPN) when you are connecting to an unsecured WiFi network, such as from a library, coffee shop or other public place. By taking preventative measures, you can save yourself from issues that may arise later.

Use a Reputable Browser
Some browsers have implemented technology which checks the reputation of a website address before they allow the website to open in the browser. If the website’s reputation is bad, you’ll receive an alert from the browser. You can then choose not to open the website or to proceed to the website. The best browsers for internet safety are:

Do Not Use the Browser's "Save Password" Option
A browser's built-in password manager is extremely convenient. This is the option where, after you enter a user ID & password on a web page, the browser offers to save that information so you do not need to enter it again the next time you go to that website. However, this option is also insecure. This is an especially dangerous option when you are using a computer that is shared by others (at work or even at home with family), or via a laptop that may become lost or stolen. You can turn off a browser's save password option via the program's settings. If you want to save your IDs and passwords via a system, use a password protected file (e.g. Word, Excel, etc.) or an automated solution like LastPass.

Change Your Password After a Breach/Hack
A breach is when a website service you regularly use with a login (e.g. email, online banking, music or video streaming, online shopping, etc.) informs you that their system was hacked and it's likely your account ID and password were exposed. When alerted, change your password immediately and use a new password you never previously used. Actually, it's a sound practice to periodically change your account passwords - every 60-90 days is usually sufficient.

Turn on Two-Factor Authentication When Possible
Two-factor authentication is an extra layer of security designed to ensure that you're the only person who can access your account online, even if someone found out your password. It adds a quick extra step to your basic log-in procedure. The user ID and password is your first factor of authentication. Two-factor authentication adds a second level of authentication to an account login after you successfully enter your user ID and password. Examples of the second factor in two-factor authentication are:
  • Answer a set of challenge questions (e.g. What is the name of your first pet?).
  • The website you login to sends a text code to your cell phone. You then retrieve the code from the text message and enter that into the website's web page.
  • Connect a FOB or a bio-metric device (e.g. finger print scanner) to your computer, tablet or phone.

Only Visit Secure Websites
A secure website means all communications between your browser and the website are encrypted. Encryption helps to protect your data and identity from those trying to access your information while you are online. You can identify secure websites by looking for an address that starts with "https:" (the "s" stands for secure) rather than an address that simply starts with "http:". These websites may also be marked by a padlock icon next to the website address in the address bar, such as in this image:

Today, we use the internet for almost everything: We stay informed, do research, make connections, shop, do banking, play and work online. However in the digital world, internet safety should be on the top of everyone's mind. By exercising a bit of caution and being vigilant, you can stay safe and better protect your data while on the internet.
